On Wed, Jan 26 2022, Junio C Hamano wrote: > Ævar Arnfjörð Bjarmason <avarab@xxxxxxxxx> writes: > >> On Tue, Jan 25 2022, Yuri wrote: >> >>> Ctrl-C was pressed in the middle. git creates the stash record and >>> didn't update the files. >>> >>> >>> Expected behavior: Ctrl-C should cleanly roll back the operation. >> >> Yes, you're right. It really should be fixed. >> >> It's a known issue with builtin/stash.c being written in C, but really >> only still being a faithful conversion of the code we had in a >> git-stash.sh shellscript until relatively recently. >> >> (No fault of those doing the conversion, that's always the logical first >> step). >> >> So it modifies various refs, reflogs etc., but does so mostly via >> shelling out to other git commands, whereas it really should be moved to >> using the ref transaction API. >> >> Ig you or anyone else is interested in would be a most welcome project >> to work on... > > I must be missing something. > > If I understand the problem description correctly, the user does > > git stash push > > which > > * bundles the local changes by recording a commit (with trees and > blobs) that represents the new stash entry > > * removes the local modification from the working tree files. > > And if the user kills the process while the second step is running, > there will be files that are restored to HEAD and other files that > are left unrestored, because the process was killed before it had a > chance to do so. At that point, we probably do not even know which > ones have been restored to be "rolled back"---that knowledge is lost > when the process got killed. > > My take on it is that it is not something that we can call "_should_ > be fixed". It is in the same category as "yes, it would be nice if > the world worked that way, and it would be nice if we had moon, > too". > > And it has nothing to do with the command being written in C or > shell, and it does not have much to do with the existence of ref > transaction API. If you want atomic working tree update, you'd need > to snapshot the working tree state, record the fact that you are > about to muck with the working tree in a secure place and make sure > that hits the disk platter, perform the "stash push" operation > including the working tree update, and then remove the record. The > record will help you discover that your earlier attempt for doing so > failed for whatever reason (e.g. ^C, kill -9, power failure). Then > you'd need to arrange that the state gets restored, and possibly > redo what you were doing. > > Which theoretically can be done. But it would be not practically > cheap enough to use in a day-to-day operation. It certainly would > be too much to expect a new person to be able to "work on". > > And the "theoretically" part is important, in that it draws the line > between what is realistic and unrealistic. The thing written in C > or shell would not make much of a dent and the existence of ref > transaction API would not have much effect on partial working tree > updates not being restored. They are red-herrings. I understood this problem as being one where we do the ref work first, which we could start a transaction for, the user then ctrl+c's after the ref work is done, but before the working tree is updated. Which, if we use the ref transaction API we could intercept with an atexit() hook that would inspect our state to see if we're done, and if not roll back the transaction. It wouldn't survive a kill -9, but would handle being interrupted. We'd then leave the working tree modifications in place, or not, and roll back our ref updates, or not, depending on where we were when we were ctrl+c'd. The reason it being a command that's recently converted to C (in terms of its API use) matters is because we don't have any sort of cross-command ref transaction mechanism, if the ref-modifying command we're invoking fails we don't know why exactly based on its exit code. So we're not prepared to roll it back, although that could theoretically be addressed it's easier just to move it all to in-process API use, and it also addresses the general TODO of reducing how much we shell out to ourselves over using internal APIs. > I suspect that the untold thinking behind your statement was that we > should try not to discourage new users from asking, and I agree with > the sentiment to a certain degree. But at the same time, I think it > is simply irresponsible to do so without distinguising between > asking for something realistic and unrealistic. I must admit I'm not deeply familiar with builtin/stash.c in particular, but I've looked at e.g. the API use in builtin/branch.c that I referenced, and I think that (and converting to the transaction API in general) is a very suitable task for someone who's interested in contributing, but not deeply familiar with the codebase.